As a premier organization and recognized global leader in incident response, FIRST functions similar to a professional association for CSIRT and PSIRT members as well as other cybersecurity professionals with training and experience related to the work of incident response and security teams.
The world around FIRST is becoming increasingly aware of the importance of cybersecurity issues and the important work of security incident response teams in keeping the Internet safe and trustworthy. As a result, more and more activities and efforts are being expected of SIRTs, and more and more questions arise regarding the proper role and expected behaviors of SIRTs. These questions could potentially be answered by a definitive set of statements of what SIRTs will or will not do: A FIRST Code of Ethics.
It is quite typical for professional organisations to have a published code of conduct or code of ethics that their members are required to live up to. Even in computer science, many organisations have these. Examples include:
The establishment of a Code of Ethics for FIRST members would further the professionalization of the FIRST community and its practitioners, increase the prominence of FIRST as a unique professional association for SIRT members, and help to greatly improve the world’s understanding of SIRTs and how they operate.
During 2016, the Ethics SIG will seek to recruit members from FIRST members and draft an initial scoping statement for a FIRST Code of Ethics. The scoping statement will, among other things, address whether FIRST ethics should apply to individual members of the FIRST member teams or only to the teams themselves. It is anticipated that the development of a FIRST Code of Ethics will take more than one year to complete and require significant deliberation, including input from members of the commercial, government, academic, and policy communities that make up the broad CSIRT community of practice.
The ultimate goal of the Ethics SIG will be to produce a proposed FIRST Code of Ethics which, once approved by the FIRST Board, will be brought to a vote by the FIRST Membership at a future AGM, and if adopted, published by FIRST and adhered to by its member teams and liaisons.